
NIST Special Publication NIST SP 800-171r3



3.12 SECURITY ASSESSMENT

By wnoble2005@gmail.com (William Noble) 📅 2024-03-02
NIST 800-171 control 3.12 focuses on security assessment. It requires organizations to regularly evaluate the effectiveness of the security controls implemented in their systems. This involves periodically assessing whether the controls are functioning as intended and developing plans to address any deficiencies or vulnerabilities found. Additionally, continuous monitoring is crucial to ensure the ongoing effectiveness of these controls.



NIST 800-171, a critical cybersecurity framework, outlines requirements for securing information systems. One important aspect is security assessment, covered in section 3.12. These assessments help identify weaknesses and determine if existing security controls are working effectively.

There are three main controls within NIST 800-171's security assessment requirements. First, organizations must regularly conduct assessments, as mandated by AU-12. This ensures ongoing monitoring for vulnerabilities. Second, AU-13 requires using various assessment techniques. These can include penetration testing, which simulates cyberattacks, vulnerability scanning to find weaknesses in systems, and code reviews to identify flaws in software. Finally, AU-14 dictates that the findings from these assessments are reported to designated officials. This ensures appropriate action is taken to address any security risks discovered.



By following these NIST 800-171 security assessment requirements, organizations can proactively identify and address security weaknesses in their systems. This helps maintain a strong security posture and reduce the risk of cyberattacks.
